gets

A C function that reads a line from stdin and places it in the string given as an argument. It also returns the string.

This function looks temptingly easy to use and cool, but it doesn't do any array bounds checking. Thus, you should not use this function! If someone inputs a string that's longer than the allocated array, in the best case you get a segmentation fault, in the worst case you clobber your own variables with data (see buffer overflow).

Oh yeah, for the newbies out there: If you're looking for a good C book, browse through what your bookstore has. If the C book instructs how to use gets() and doesn't say it's dangerous, get some other book. Good books tell you why you shouldn't use it. As said, this function is not for anyone.

gets is responsible for a great number of the buffer overrun hacks out there. If you use gets in a program, and if the program ever actually gets used for anything, some 16 year old script kiddie will figure out a way to exploit the hole and subvert the program into doing something drastically unintended. (Some of you are saying, "No, no, script kiddies are the ones who don't know anything about programming and can only make use of exploits generated by others", but my point is that exploiting a buffer overrun is, to judge from the number of new exploits being reported every day, evidently such a well-understood, textbook problem by now that even a script kiddie can do it.)

gets is most notable for the parameter it does not have. gets has no "maximum read limit", nor does it have any way of figuring out how large your input array is. Therefore, gets will cheerfully run off the end of your array, into whatever memory happens to follow it, should it see input larger than the amount of memory allocated.

Use of gets, therefore, is like standing up and waving a very large sign labeled "PLEASE HACK ME". No program that uses gets can be made to be secure or stable, as there is no way to use gets and avoid the risk of a buffer overrun.
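Both writeups above make the same point: gets() is missing the one parameter that would let it stop at the end of the array. The example below is added here and is not code from either writeup; it shows the bounded replacement, fgets(), wrapped in a small read_line() helper that takes the buffer size, strips the trailing newline, and reports when a line was too long (discarding the rest of that line so the next read starts on a fresh line rather than on the leftover tail). The read_line, line_status and open_input names are this example's own, and open_input uses the POSIX fmemopen() only so the constructed sample input can be fed in without a terminal. For what it is worth, the C11 standard removed gets() from the language entirely.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/*
 * The pattern the writeups warn about (shown as a comment only; modern
 * compilers reject or warn on gets, and the call is unsafe by design):
 *
 *     char name[16];
 *     gets(name);   // nothing tells gets() that name holds only 16 bytes
 *
 * fgets(buf, size, stream) takes the size, so it cannot write past buf.
 */

/* Result of one read_line() call (names chosen for this example). */
enum line_status {
    LINE_OK,         /* a whole line fit in the buffer; newline removed */
    LINE_TRUNCATED,  /* line was longer than size-1; remainder discarded */
    LINE_EOF         /* nothing read: end of input or a read error */
};

/*
 * Read one line from `in` into buf[size]. Unlike gets(), this can never
 * write more than size bytes, whatever the input looks like. Pass stdin
 * in a real program; the test feeds constructed input via open_input().
 */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size < 2)               /* no room for even one char plus NUL */
        return LINE_EOF;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';    /* normal case: whole line, drop newline */
        return LINE_OK;
    }
    /*
     * No newline stored. Either the input ended without one, the line was
     * exactly size-1 characters long (newline still unread), or the line
     * was too long. Peek at the next character to tell these apart.
     */
    int c = getc(in);
    if (c == EOF || c == '\n')
        return LINE_OK;         /* line fit; newline (if any) now consumed */
    /* Too long: swallow the rest of the line so the caller never sees the
     * tail of an oversized line as if it were a fresh line of input. */
    while (c != '\n' && c != EOF)
        c = getc(in);
    return LINE_TRUNCATED;
}

/* Open a constructed in-memory input stream (POSIX fmemopen; for the demo). */
FILE *open_input(const char *text)
{
    return fmemopen((void *)text, strlen(text), "r");
}

int main(void)
{
    char buf[16];               /* deliberately small to show truncation */
    enum line_status st;
    while ((st = read_line(stdin, buf, sizeof buf)) != LINE_EOF) {
        printf("%s: \"%s\"\n",
               st == LINE_TRUNCATED ? "truncated" : "line", buf);
    }
    return 0;
}
```

Note that the helper takes `sizeof buf` from the caller rather than guessing; that is exactly the information gets() never receives. The LINE_TRUNCATED status matters too: silently truncating an oversized line and then treating its tail as the next line is a different, quieter bug than the overflow, and a reader that can report it lets the caller decide whether to reject the input.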